Great Circle Associates Firewalls
(August 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Lotus Notes Servers
From: Hartmut . Fehling @ Hamburg-Mannheimer . de
Date: Mon, 4 Aug 1997 17:45:01 +0200
To: Firewalls @ GreatCircle . COM 
As I already pointed out to Jerry, I suggest that you place one
Notes-Gateway-Server in your DMZ (third network on a dual-homed gateway)
and configure your firewall in a fashion to accept the Notes-RPCs (Port
1329 or so) from the IP-Adresses of the external servers you want to
connect to.

Then you can have your Notes-Production-Server replicate (Pull-Push from
the Production-Server which means the Gateway-Server is being pulled) data
through your firewall to your Notes-Gateway-Server (you can also have a
separate Modem-Link to the Notes-Gateway-Server) - be sure to implement a
rule for that on your firewall, too. And yes, watch out for
address-spoofing - Checkpoint FireWall-1 can do a neat job on killing
spoofed packets.

As far as scanning of attachments is concerned, GROUP Watchdog as a very
good reputation in Germany - I haven?t used it yet, though:
http://www.group-wp.de/WWW_WP01.NSF/E-WatchDog?OpenView

Regards,

   Hartmut Fehling

Hamburg-Mannheimer Versicherungs-AG
Indexed By Date Previous: RE: Firewall-1, Static Address Translation problem [2]
From: "Angel López Escobar" <alopez @ mdintesis . es>
Next: Request for design evaluation participants
From: Tom Noonan <tnoonan @ us . ibm . com>
Indexed By Thread Previous: Re: Security of IP to IPX internet gateway -Reply
From: Arjan Vos <arjan @ pino . demon . nl>
Next: Request for design evaluation participants
From: Tom Noonan <tnoonan @ us . ibm . com>
Google
 
Search Internet Search www.greatcircle.com